IT Security
Web Application Security and OWASP Fundamentals
This practical course develops directly applicable capability in Web Application Security and OWASP Fundamentals. Participants work in depth on Web Application Attack Surface, and Access Control and Authentication, and Injection and Browser Attacks, then convert the methods into tools and actions suited to their workplace.
Objectives
- Apply the principles and methods of web application attack surface in a workplace context.
- Apply the principles and methods of access control and authentication in a workplace context.
- Apply the principles and methods of injection and browser attacks in a workplace context.
- Apply the principles and methods of security misconfiguration in a workplace context.
- Apply the principles and methods of software and data integrity in a workplace context.
- Apply the principles and methods of owasp assessment workshop in a workplace context.
Target audience
- Professionals responsible for the subject area
- Managers and supervisors
- Analysts, coordinators, and specialists
- Project and improvement teams
- Employees preparing for broader responsibilities
Program outline
A clear structure for the learning journey.
Program outline
Outline points are grouped in one designed block instead of being treated as separate module cards.
Module 1: Web Application Attack Surface
Browser, server, API, database, and third-party boundaries
Requests, responses, cookies, and sessions
Mapping assets and entry points
Module 2: Access Control and Authentication
Broken access control scenarios
Authentication and session weaknesses
Testing privilege and object-level authorization
Module 3: Injection and Browser Attacks
SQL, command, and template injection
Cross-site scripting and unsafe rendering
Server-side request and file-handling risks
Module 4: Security Misconfiguration
Default accounts, excessive permissions, and exposed services
Headers, errors, directories, and cloud storage
Secure configuration baselines
Module 5: Software and Data Integrity
Vulnerable components and supply-chain risk
Unsafe deserialization and update trust
Inventory and patch prioritization
Module 6: OWASP Assessment Workshop
Mapping findings to OWASP categories
Evidence, severity, and remediation guidance
Building a risk-based application-security backlog
Materials provided
- ○ Course-specific presentation slides
- ○ Practical exercises and facilitated activities
- ○ Course-specific worksheets, checklists, and templates
- ○ Applied workplace case studies
- ○ 4D Certificate of Completion issued by 4D Training & Consultancy
- ○ Post-course support for implementation questions
Training Options
Programs can be delivered in-house, online, or in a blended format depending on your team's schedule, location, and learning objectives. When an external certificate or exam is included, certification rules and fees remain under the relevant awarding body's policies, while 4D provides the training and preparation support.
Why choose 4D
4D adapts this program to the participant group and workplace context. Delivery combines structured explanation with course-specific exercises, realistic cases, working tools, and an action-planning component so participants can transfer the learning to their roles.
Related courses
AI for SOC Analysts
This practical course helps professionals master AI for SOC analysts, alert enrichment, investigation support, detection tuning, reporting, and safe use controls. The program connects key concepts, real use cases, risks, tools, and operational decisions so participants can apply the learning in their work environment. It can be tailored to the organization’s sector, internal systems, participant maturity, and performance objectives.
View courseAI Security, Governance and Cyber Risk Management
This course helps security, risk, IT, and business teams understand how artificial intelligence changes the cyber risk landscape. Participants learn how to assess AI tools, protect sensitive data, manage AI-related vulnerabilities, define governance controls, and align AI adoption with cybersecurity and compliance requirements.
View courseAirport Cybersecurity for Networked Systems
This practical course helps professionals master airport cybersecurity for networked systems, access control, CCTV, passenger Wi-Fi, operational systems, and incident readiness. The program connects key concepts, real use cases, risks, tools, and operational decisions so participants can apply the learning in their work environment. It can be tailored to the organization’s sector, internal systems, participant maturity, and performance objectives.
View course